Jump to content

Archived

This topic is now archived and is closed to further replies.

HALO

HIPS Rule Wilcard

By HALO, in ESET Endpoint Products

Recommended Posts

HALO    0

HALO
Posted

Hello everyone,

 

I just want to create a HIPS rule that can block an application that running in C:\users\user\appdata. I want to deploy this configuration via ERA Policy. So I need to specify a path like C:\users\*\appdata\applicationfolder. As I see it, ESET accept only exact path while I am creating HIPS rule. Is there any solution for this?

 

Thank you

Share this post

Link to post
Share on other sites

Marcos    3,076

Marcos
Posted

Even if wildcards were supported in rules, the %APPDATA% variable wouldn't resolve as expected as it resolves to C:\Windows\system32\config\systemprofile\AppData for the local system account in which ekrn.exe runs.

Share this post

Link to post
Share on other sites

Arakasi    543

Arakasi
Posted

Hello HALO,

 

Instead of using ESET HIPS to prevent malware executables from being run out of the appdata directories, i would create a GPO for your users to combat this. You will have more options using windows.

If you need assistance i know the Crypto Prevention Kit has some GPO's for servers and term servers you can import with little effort.

Share this post

Link to post
Share on other sites
Go To Topic Listing

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...